This content is from: Portfolio
Kill Switches Come to Life
To avoid further market fiascos, the trading industry embraces the idea of automatic suspensions of order flow. But will they work?

After a long, hot summer of costly software glitches and trading meltdowns in U.S. equity markets, the exchange community is looking for new ways to tackle market malfunctions at the urging of the Securities and Exchange Commission. Perhaps the most intuitive solution that emerged at the SECs market technology roundtable on October 2 was the idea of creating a so-called kill switch an automated software program that would allow an exchange to suspend, or drop, order flow from a member firm or trading partner whose trades exceeded a preset risk limit.
The idea was initially presented to the SEC by a group of U.S. exchanges, broker-dealers and buy-side firms in a letter dated September 28, just days before the roundtable in Washington D.C. The signatories, who included seven exchange and clearinghouse executives (the letter was also endorsed by 16 banks, broker-dealers and buy-side firms), have joined forces to tackle market risk as members of an informal, industry-wide working group. Humbled and alarmed by the frequency and severity of some of the most recent trading glitches, the industry working group is developing solutions that could help backstop the risk parameters set by the exchanges own member firms and market makers.
Although the kill switch concept would not solve every market-infrastructure challenge in an age of lightning-fast, high-volume trade execution, says Eric Noll (who was one of the signatories on the letter to the SEC), executive vice president of transaction services in the U.S. and U.K. for the Nasdaq OMX Group, it would still be a valuable tool in the event of a problem emanating from a member firms trading software. It would provide a failsafe means for the exchange to step in at the last minute, and based on a predetermined metric turn off a firms trading access, thus preventing software problems from doing any more damage, either to the firm itself or other participants in the marketplace, he says.
The hazards of external software bugs setting off erroneous trading patterns became obvious this summer when Jersey City, New Jerseybased Knight Capital Group botched a trading-software upgrade on August 1 and reportedly activated a piece of dormant code. The rogue code sent a flurry of orders to the New York Stock Exchange that ultimately cost the firm $440 million. Unable to meet the costs of its trading fiasco, Knight had to be rescued from financial ruin by a consortium of Wall Street banks and trading competitors, including New Yorkbased alternative asset management firm Blackstone, Chicago-based automated market maker Getco and New Yorkbased investment bank Jefferies Group.
Knight wasnt alone in its shame. A number of other firms suffered expensive, headline-grabbing technological glitches this year, including BATS Global Markets, which botched its own IPO in March, and Nasdaq, which suffered a very public market glitch during the launch of the Facebook IPO in May. Knights dilemma, which affected dozens of New York Stock Exchangelisted stocks and resulted in a surge of erroneous trades being executed, was among the most visible and damaging because the firms own risk controls were clearly insufficient to stop the orders flowing through to the exchange and NYSE didnt have any obvious way to help Knight address the problem, highlighting the need for an automated trading-suspension tool like a kill switch.
You have to have a way of stopping chaos once it happens, says Miranda Mizen, New Yorkbased principal and director of equities research for market research firm TABB Group. So conceptually, I think this [kill-switch idea] is a must. Mizen is pleased by the way the exchanges are stepping up to the challenge, and starting to work together to protect market integrity more broadly, beyond their own business interests. Its not enough to say, well, my systems are working okay, she says, because a problem may be bigger than an individual market.
Although kill switches could provide a powerful means of blocking erroneous trades, they would still have to be venue-specific in their initial rollout, Noll says. They would not be able to address anything happening in other markets or other types of securities. Kill switches could not provide a holistic solution across multiple venues, multiple asset classes and multiple geographies, he says, but on the individual exchange level, they would be meaningful and make sense.
The operational structure of a kill-switch system has yet to be determined, but the working groups letter spelled out one possible approach by suggesting that exchanges develop software that would track individual member firms peak net notional exposure, which would be calculated by adding net long positions with net short positions on an absolute basis per trading symbol. Working in conjunction with the exchanges, individual member firms would establish limits on their overall trading activity (or even categories of activity) within which they wanted to operate. The exchanges software would then measure post-trade exposure on an automated basis, send warnings when trading activity encroached on those limits and trigger suspension of trading if those limits were exceeded.
The addition of such preprogrammed trading limits would not preempt the work already being done by individual trading firms and broker-dealers to enhance their own risk management systems it would merely supplement those efforts. Many trading firms have their own versions of kill switches, says one industry source, whose trading firm endorsed the September 28 letter, but in order for it to be failsafe a backup at the exchange level would be very valuable. He believes the key is to take a multilayered approach, not least because software glitches can cause unanticipated disruptions within technology systems.
Its possible, even for a very well-intentioned, well-managed trading firm to have a problem with the activation of its own internal kill switch if it is simultaneously experiencing a broader problem with its trading system, he says. When engineering systems become unstable, they can become unpredictable, so it would be good to have independent, external safeguards.
In all likelihood, the exchanges will develop some form of kill-switch technology simply to protect their own businesses from the threat of disruption. Discussions are already underway with the exchanges member firms. Earlier this month, for example, Noll spent several days in Chicago, conducting meetings with Nasdaqs trading clients to hear their views on kill switches and other exchange-level risk-management tools. The challenge, of course, will be to find a way to backstop the risk parameters of a single members trading activity and suspend its activity if necessary without disrupting markets further or adversely impacting order flow. The biggest concern in the trading industry is that, if designed incorrectly, these risk-management tools could create cascading activation of kill switches across trading venues and firms, driving liquidity out of the market just when that liquidity is most needed.
Activating a kill switch could be akin to putting on the handbrake when youre going down the highway, says TABBs Mizen. But what happens to everyone else who is on that road? What happens to the order flow that is backing up behind it? Does it just spin off? Obviously, there are a number of warning systems that could be put in place, but at the rate at which things happen these days a warning is a luxury, not a normality, so different parties interests need to be balanced.
Despite the challenges inherent to the project, the kill-switch concept seems to have gained considerable momentum within the industry over the past few weeks. The members of the working group continue to meet regularly, Noll says, with the aim of developing a market-led solution as a matter of urgency. No one wants to risk another Knight-style fiasco.